Higher education organizations are a prime target for business payments fraud. So how can procurement and AP departments secure their vendors’ data and payments? A recent PaymentWorks panel discussion highlighted the need for increased focus on managing payee identity within higher ed institutions. Here are some of the key takeaways.
Every one of our customers reports that fraud is a major concern for them. Every single one. Some organizations have been scammed into sending payments to entities posing as legitimate payees, and some have risked serious data breaches with unsecured processes. And they’re not alone: Google, Facebook, Toyota Boshoku, and the City of Naples, FL have all been victims of payments fraud. But no matter the details, all of our customers came to PaymentWorks with a story to tell about fraud.
In the higher education space, our customers usually have a whole handful of stories.
WHAT MAKES HIGHER EDUCATION A TARGET?
Higher ed — with its public expenditure disclosures and decentralized procurement systems — is especially vulnerable to fraud. A high volume of payments sent to a vast network of payees makes payee identity management at best challenging, and at worst... well, let’s hear from Dan Alden about what it was like when he started as Director of Procurement at Texas State University about two years ago:
“Everything was being handled with paper forms. Everything was human intervention. [...] We were doing what we could to try to confirm [payee identity] data, but we were very limited. We would ask for notarized documents, we would ask for copies of checks, we would ask for copies of IDs... We were really a bottleneck for the university because of that manual process and because of those security processes.”
Between the highly sensitive personal data that needs to be collected from vendors and the large disbursements procurement departments control, the bottleneck Dan describes becomes a security risk. When your team is under intense pressure to get through weeks or even months of backlogged requests, they are more likely to make an error in judgment. And that means payments to fraudsters instead of vendors.
IDENTITY VALIDATION: “WE’RE NO CSI. IT’S JUST NOT OUR JOB.”
Your procurement team must not only collect and manage confidential personal information of vendors, but also validate that information. When you’re burdening your AP staff with manually validating vendor identities and burdening your payees with endless checklists of documentation, purchasing and disbursement operations grind to a halt.
Renee Starns, Executive Director of Procurement & Business at Sam Houston State University, knew that her department had to address these challenges not just as inconvenient drags on productivity, but as serious liabilities:
“It was not uncommon to walk into a department and [see that] people had W9s lying on their desks. As fraudulent activities increased in the higher ed industry, we recognized that we had a problem not only there, but also in our abilities to validate the information that was being submitted by the suppliers. We were very heavily paper-based, [...] and we were looking for a way to... get everything automated and off paper.”
Renee brings up a really good point, and it’s echoed by Dan just a few minutes later: How do you validate payee information when you’re stuck with paper-based processes? It’s manual, it’s entirely human-dependent, and therefore it’s fallible. When bank account information is updated in your system by request of the payee, there’s no way to verify that the requestor is, in fact, the vendor. Dan outlined the impossibility of detecting fraudulent requests on paper, especially when it just is not the job of your team to track down suspicious requests.
HERE’S WHERE AUTOMATION COMES IN
Don’t let your department be the last one in the organization to automate problematic tasks — especially when private information and the institution’s business reputation is at stake. As Renee said, “Higher ed people talk. We all go to the same conferences. [We were hearing about] all these systems and schools having fraudulent activity hit them around construction payments or Dell computer orders — so yeah, fraudulent activity drove our decision as well as automation.” Consider one western state university, who made headlines last year for being scammed to the tune of nearly $750K: the loss of carefully budgeted funds is one thing, but the loss of trust is harder to quantify and harder to recover from.
Want to hear more about how PaymentWorks can help higher ed systems automate and secure business payments? Listen to the full panel discussion to get insights from the industry pros.